Google Accounts Hacked from China

Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.

The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)

Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities.

Mr. Grosse also encouraged Gmail users to better protect their information online by using what’s called a “two-step verification” when logging into Gmail so that the system can recognize the computer or mobile device from which a user is logging in, not just his or her password. The process “protected some accounts” from the China-based attack, he said.

The company has said there are more than 200 million Gmail users.

Google’s decision to point the finger at China follows its disclosure in January 2010 that the company said it had been hit with a cyber attack originating from China. The attack targeted as many as 34 different companies or other entities, people familiar with the a U.S. probe of the incident have said.